You will be billed $90,000 for this call 4: mobile malware distribution patterns and protection tips from F-Secure

Read: You will be billed $90,000 for this call: Mikko Hypponen (F-Secure) on Dialers, telephone fraud, mobile malware
Read: You will be billed $90,000 for this call 2: F-Secure detects trojan malware in mobile game
Read: You will be billed $90,000 for this call 3: F-Secure discloses mobile app virus attacks

Yes there is tons of like traditional hacking going on, which uses premium rate numbers to get money out of it, including hacking VoIP1 systems and Asterisk2 systems and others. What I am talking right here is the difference between PC and mobile malware, using mobile malware to issue calls straight from the smartphone, and that difference is that big. Five hundred mobile malware, of which only a handful tries to do premium rate text messages or premium rate calls.

So, this problem doesn’t exist yet. We only have a handful of examples.

Operating system market shares My theory on why the bad guys are doing more of these already is in the operating system market shares. Low hanging fruit is Windows, and it is Windows XP. Most of the malware today have been written for Windows, specifically written for the Windows XP.

Because Windows XP is 9 years old, almost everybody is running it as ‘Administrator’. It has by far the biggest market share, 62% of the computers on this planet are running Windows XP, 15% – Vista, 12% – Windows 7 (See image). That’s the latest figures I could find.

Which means, why on Earth would the attackers even consider any other platform right now than Windows XP, where they already have existing attacks, existing malware frameworks that work and bring great results? They are getting great money out of current attacks. They do not have to move anywhere. And they won’t. Of course, eventually, this will change. In two years, Windows XP will no longer be the most common operating system. It will be replaced by Windows 7. And of course Windows 7, sure, can get infected but it is harder. You know, there’s a bigger barrier again, and it’s perfectly possible when the current virus writer gangs realize that they have to start putting in more efforts, they have to start pointing their software from Windows XP to somewhere else, to Windows 7, or maybe, maybe some of them look around and realize that actually targeting phones might be a better idea.

We’ll see, but right now, I am not really expecting huge amount of rush from the current virus writers, from their current platforms to mobile, because it works so well for them already right now. Why would they move? Such an easy target.

F-Secure Mobile Security app protecting a smartphone So, what should you do to protect against attacks like these? A scenario where your customers or your users are hit by piece of malware, and which uses their smart phones to issue calls to faraway places.

Well, the usual, look down the devices, prevent the installation of 3rd party applications, setup policies, tell your users not to install games, especially not the ‘3D Anti-terrorist game’. And of course you can buy expensive security products on your device. For example we have a solution for this which we’d be happy to sell to you – it’s called F-Secure Mobile Security. But, frankly, right now most of our customers who buy security products for their smartphones, aren’t actually buying it to prevent mobile from viruses. They are more looking into other features that security products provide like: antitheft, online backup, remote lock, remote write – that kind of features. Because that’s something you need already today, while antivirus and mobile firewall is something you would need more in the future.

Distribution of mobile malware by platform If you look at mobile malware by platform (See image), it looks like this: 516 mobile phone attacks have been seen so far. Majority, by far, targeting Symbian, Symbian like for example my Nokia phone right here. Why Symbian? Because Symbian is the king of the hill. Symbian is the guerilla. They by far, have the biggest market share of smartphone operating systems. They are three times ahead of Blackberry or Iphone or Android or Windows Mobile. Of course, here in USA nobody runs Symbian, but you go anywhere and it is by far the most common platform. So, most of the attackers are writing for the biggest operating system. Yes, there are some attacks for others but frankly very little, so that’s the distribution of malware today.

We have seen, for example a remote spy program is available for Blackberry. So, it’s not a virus or worm, but it’s a spying tool that can be installed on a Blackberry and then to be used remotely: listen all the phone calls, see the location of the phone, turn on the microphone remotely and listen what’s being discussed. That would be a typical example of Blackberry malware but outside of that, there are very few examples.

So, that’s what I wanted to share with you today. Thank you very much.


1VoIP (Voice over Internet Protocol) commonly refers to the communication protocols, technologies, methodologies, and transmission techniques involved in the delivery of voice communications and multimedia sessions over Internet Protocol (IP) networks, such as the Internet.

2Asterisk is a software implementation of a telephone private branch exchange (PBX); it was created in 1999 by Mark Spencer of Digium. Like any PBX, it allows attached telephones to make calls to one another, and to connect to other telephone services including the public switched telephone network (PSTN) and Voice over Internet Protocol (VoIP) services.

Like This Article? Let Others Know!
Related Articles:

Leave a comment:

Your email address will not be published. Required fields are marked *

Comment via Facebook: